file:// protocol fails if file to be opened is local and link is on a page served remotely

VERIFIED INVALID

Status

Core Graveyard
File Handling
VERIFIED INVALID
15 years ago
2 years ago

People

(Reporter: Gary Ford, Unassigned)

Tracking

Trunk
PowerPC
Mac OS X

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624

I have a LAN with a Win2000/Apache server and a MacOSX client. A page served by
Apache contains a link "file:///VolumeName/filename.html", where the file is a
valid file path on the CLIENT machine. Clicking the link does not work, and no
error message is displayed. (Internet Explorer and Safari correctly display the
file.) If the file URL is copied and pasted into the URL box at the top of the
page, and I hit RETURN, the file opens correctly. If the served page source HTML
is copied to the client machine and opened in Mozilla, the link works and the
local file opens.

Reproducible: Always

Steps to Reproduce:
1. Create an HTML page with a file link ("file://...") to a valid file on a
client machine running Mozilla; place that HTML page on a server.
2. Open that page from the client machine.
3. Click the link.

Actual Results:  
No file displayed, no error message of any kind.

Expected Results:  
It should display the page at the specified URL.

Comment 1

15 years ago
Quoted form the release notes :

For security reasons, Mozilla does not allow web content to link to local files.
An error like "Security Error: Content at url may not load or link to
file:///something" will appear in the javascript console. If you need to follow
links to local paths it is recommended that you drag the link to the location
bar and then drop it on the webpage. If you really don't like the security check
and are willing to risk all files on your system and that your system can access
then you may add the following line to user.js in your personal profile
directory. user_pref("security.checkloaduri", false); (see Bug 84128)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → INVALID
v

Why do they write release notes if you don't read them ?
Status: RESOLVED → VERIFIED

Updated

10 years ago
Duplicate of this bug: 438299
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.